Blog

RSA-768 factored

Posted on 13 Jan 10

A team of researchers from several institutes has factored an RSA-768 number using the number field sieve. This is a known technique; the contribution of the research is the size of the number factored (768 bits, 232 decimal digits). They conclude that "at this point factoring a 1024-bit RSA modulus looks more than five times easier than a 768-bit RSA modulus looked back in 1999, when we achieved the first public factorization of a 512-bit RSA modulus. Nevertheless, a 1024-bit RSA modulus is still about one thousand times harder to factor than a 768-bit one. If we are optimistic, it may be possible to factor a 1024-bit RSA modulus within the next decade by means of an academic effort on the same limited scale as the effort presented here."

http://eprint.iacr.org/2010/006.pdf
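To see where the "about one thousand times harder" figure comes from, here is an added example (not part of the original post or of the paper): it evaluates the standard heuristic running time of the general number field sieve, L_N[1/3, (64/9)^(1/3)], for two modulus sizes and takes the ratio. The o(1) term in the exponent is dropped, so the result is indicative of relative effort only, not a prediction of CPU time; the function names are mine.

```python
import math


def gnfs_log_cost(bits: int) -> float:
    """Natural log of the heuristic GNFS running time L_N[1/3, c], with
    c = (64/9)^(1/3), for an RSA modulus N of the given bit length.
    The o(1) term in the exponent is dropped, so only ratios between
    nearby sizes mean anything."""
    ln_n = bits * math.log(2)              # ln N for an N of `bits` bits
    c = (64 / 9) ** (1 / 3)
    return c * ln_n ** (1 / 3) * math.log(ln_n) ** (2 / 3)


def gnfs_ratio(bits_hard: int, bits_easy: int) -> float:
    """How many times more work the heuristic predicts for bits_hard
    than for bits_easy (about 1.2e3 for 1024 vs 768)."""
    return math.exp(gnfs_log_cost(bits_hard) - gnfs_log_cost(bits_easy))


if __name__ == "__main__":
    for hard, easy in ((768, 512), (1024, 768), (2048, 1024)):
        print(f"RSA-{hard} vs RSA-{easy}: about {gnfs_ratio(hard, easy):,.0f} times the work")
```

The 1024-vs-768 ratio lands close to the paper's "one thousand"; the same formula puts 2048 bits roughly a billion times beyond 1024, which is why the practical advice at the time was to move off 1024-bit moduli rather than wait for the academic record to catch up.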

No Comments

DPA attack on mobile phone

Posted on 22 Oct 09

Harald Welte commented on a news article describing a DPA attack on a mobile phone. He wonders what key would be the target of such a DPA attack and rightly states that, from a 'normal' GSM phone perspective, the phone plays no role in the security of the system: everything is dealt with between the back-end and the SIM card.

However, mobile phones these days are of course much more than just a GSM/UMTS device. They store various kinds of user data, for example, which may be secured with cryptographic keys in the application processor. But the phone manufacturer or telecom provider may also have reasons to guard the mobile device from its owner. Think of network and SIM lock mechanisms or code protection features.

Mobile phone unlocking and reprogramming is actually a significant market, where the stakes (and rewards) are high for the first party to come out with a new unlock solution. In such a world, DPA and other side channel attacks (such as fault injection) are very real.

And in the future this will only increase, as parties worldwide are searching for the ultimate way to bring payment systems to your mobile device, whether over UMTS or NFC and with or without smart cards. In such a world, assessing side channel attacks on mobile devices is not strange at all.

No Comments

112 bit encryption

Posted on 15 Jul 09

Joppe W. Bos and Marcelo E. Kaihara of the École Polytechnique Fédérale de Lausanne (EPFL), Switzerland, have solved the elliptic curve discrete logarithm problem for a curve over a 112-bit prime field. They used the computing power of a cluster of PS3s to do the calculations.

Theoretically, the best known algorithm for attacking a 112-bit ECC group requires on the order of 2^56 operations (the square root of the group order). In the end, 8.5*10^16 curve operations were performed. The authors report their effort to be on the order of 14 full 56-bit DES key searches, confirming that the strength of such a key is practically close to that of a single DES key.

More background on http://lacal.epfl.ch/page81774.html
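The 2^56 figure is the square-root bound that generic discrete-logarithm algorithms such as Pollard's rho achieve in a group of order n ≈ 2^112. As an added example (not the EPFL code), the following Python script builds a toy prime-order curve over a 14-bit field by brute-force point counting, then recovers a discrete logarithm with Pollard's rho and Floyd cycle finding, so the number of walk steps can be compared with sqrt(pi*n/2). The field prime, curve coefficients, walk partition and seed are all constructed for illustration; the EPFL computation used a 112-bit curve and a far more optimised iteration.

```python
import math
import random

# Constructed toy setting: y^2 = x^3 + a*x + b over F_p with p about 2^13, small
# enough to count points by brute force. Nothing here is secure; it only makes
# the sqrt(n) behaviour of Pollard's rho visible.
P_MOD = 10007                  # prime, and 3 mod 4 so a square root is one exponentiation
A_COEF = (-3) % P_MOD
INF = None                     # the point at infinity


def is_prime(n):
    return n > 1 and all(n % q for q in range(2, math.isqrt(n) + 1))


def ec_add(p1, p2, a=A_COEF, p=P_MOD):
    """Affine addition (and doubling); the curve constant b is not needed."""
    if p1 is INF:
        return p2
    if p2 is INF:
        return p1
    x1, y1 = p1
    x2, y2 = p2
    if x1 == x2 and (y1 + y2) % p == 0:
        return INF                                   # P + (-P)
    if p1 == p2:
        lam = (3 * x1 * x1 + a) * pow(2 * y1, -1, p) % p
    else:
        lam = (y2 - y1) * pow(x2 - x1, -1, p) % p
    x3 = (lam * lam - x1 - x2) % p
    return (x3, (lam * (x1 - x3) - y1) % p)


def ec_mul(k, pt):
    """Double-and-add scalar multiplication."""
    acc, addend = INF, pt
    while k:
        if k & 1:
            acc = ec_add(acc, addend)
        addend = ec_add(addend, addend)
        k >>= 1
    return acc


def count_points(a, b, p):
    """#E(F_p) by brute force: infinity plus one or two points per x."""
    total = 1
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs == 0:
            total += 1
        elif pow(rhs, (p - 1) // 2, p) == 1:         # Euler's criterion: rhs is a square
            total += 2
    return total


def find_prime_order_curve(a=A_COEF, p=P_MOD):
    """Search b until #E is prime, so every point except INF generates the group."""
    for b in range(1, p):
        if (4 * a ** 3 + 27 * b * b) % p:            # skip singular curves
            n = count_points(a, b, p)
            if is_prime(n):
                return b, n
    raise ValueError("no prime-order curve found")


def find_point(b, a=A_COEF, p=P_MOD):
    for x in range(p):
        rhs = (x * x * x + a * x + b) % p
        if rhs and pow(rhs, (p - 1) // 2, p) == 1:
            return (x, pow(rhs, (p + 1) // 4, p))    # valid because p = 3 mod 4
    raise ValueError("no point found")


def pollard_rho_dlog(P, Q, n, rng):
    """Find d with Q = d*P in a group of prime order n. Returns (d, walk steps)."""
    def step(state):
        # Deterministic pseudo-random walk with three classes chosen by the x
        # coordinate; each move is a group operation whose effect on the
        # exponents (x, y) of R = x*P + y*Q is tracked alongside.
        R, x, y = state
        cls = 0 if R is INF else R[0] % 3
        if cls == 0:
            return ec_add(R, Q), x, (y + 1) % n
        if cls == 1:
            return ec_add(R, R), 2 * x % n, 2 * y % n
        return ec_add(R, P), (x + 1) % n, y

    while True:
        x0, y0 = rng.randrange(n), rng.randrange(n)
        start = (ec_add(ec_mul(x0, P), ec_mul(y0, Q)), x0, y0)
        tortoise, hare, steps = step(start), step(step(start)), 1
        while tortoise[0] != hare[0]:                # Floyd cycle finding
            tortoise, hare, steps = step(tortoise), step(step(hare)), steps + 1
        (_, x1, y1), (_, x2, y2) = tortoise, hare
        if (y1 - y2) % n == 0:
            continue                                 # useless collision: restart
        # x1*P + y1*Q == x2*P + y2*Q  =>  (x1 - x2)*P == (y2 - y1)*d*P
        return (x1 - x2) * pow((y2 - y1) % n, -1, n) % n, steps


def demo(seed=2009):
    rng = random.Random(seed)
    b, n = find_prime_order_curve()
    P = find_point(b)
    d_true = rng.randrange(1, n)
    d_found, steps = pollard_rho_dlog(P, ec_mul(d_true, P), n, rng)
    return d_true, d_found, steps, n


if __name__ == "__main__":
    d_true, d_found, steps, n = demo()
    print(f"n = {n}: recovered d = {d_found} (true {d_true}) after {steps} walk "
          f"steps; sqrt(pi*n/2) = {math.sqrt(math.pi * n / 2):.0f}")
```

Each walk step costs one curve addition here, versus three curve operations per Floyd iteration; the 112-bit record differs only in scale, in a distinguished-point scheme that lets 200 machines share one walk, and in arithmetic tuned for the Cell processor.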

No Comments

Webcomic

Posted by: Jasper

Posted on 10 Feb 09

Never forget the attacker always takes the path of least resistance:

xkcd.com/538/

No Comments

The perils of the Smartcard Webserver

Posted by: Gerrit vd Bij

Posted on 12 Dec 08

The mobile telephone industry is one where life is short if you are a handset. It seems like every month a new and improved model hits the market, with more features and lots of storage for your MP3s and such. Most of them support USB and the average smartphone supports WiFi. This rapid development cycle takes hold of the industry and everything around it, like an avalanche. For example, to support "push e-mail" on your cellphone your mobile operator needs to install yet another server that sends a message to the phone that mail is waiting. This "push" server 'knows' it because it connects to the e-mail server.

In GSM and UMTS networks (which originated in Europe), the handset holds a Subscriber Identity Module, or SIM. And it evolved too. In fact, it evolved to a level where it is no longer called a SIM but a "UICC": Universal Integrated Circuit Card.

This UICC may support a USB and/or a contactless interface; the latter would be used for mobile payments and ticketing.

Modern UICCs can host multiple applets, just like GlobalPlatform smartcards. One of the latest applications is the "smart card web server".

As most handsets these days have a web browser built in, you could use it to access information in the smartcard. In addition, the smartcard might update its content over the internet. This would ease the effort of using the mobile operator's OTA network, although installation keys are still needed.

However, with the introduction of a web server on the smartcard, a whole new area of threats opens up to this small environment. Application developers have to be security aware and learn from the Internet guys what evil lurks beyond the handset. I think it is safe to say there are more evildoers with knowledge of TCP/IP than there are with smartcard knowledge.

Fortunately(?), most mobile operators have no marketing drive to implement all the new features provided by the UICC. People want 10-megapixel cameras, 160 GB of storage, and a movie of a frog on a moped for their screensaver. But will they be prepared when they do have a need to enable the smart card web server?

No Comments

Tempest on keyboard entry

Posted by: Jasper van Woudenberg

Posted on 28 Oct 08

Recently, Martin Vuagnoux and Sylvain Pasini of EPFL in Lausanne, Switzerland, published videos of remote eavesdropping on keyboard entry [http://lasecwww.epfl.ch/keyboard/]. In this attack, they analyze electromagnetic (EM) emanations from a keyboard and, using relatively inexpensive equipment, can fully recover the keys that have been pressed. This is the first public proof of concept of earlier suspicions that keyboards may leak so-called compromising emanations. If you type a secret, it could be revealed.

Similar attacks have been known publicly since 1985, when Van Eck published his attack on video display units: he was able to remotely reconstruct the image shown on a display from its EM emanations. Intelligence organizations such as the NSA were already secretly aware of these leakages and the possible attacks since at least the 1960s, when they were used to spy upon foreign powers. The codename TEMPEST refers to the NSA's studies of compromising emanations. These weaknesses have later been shown to also be present in more modern LCD monitors. If you read a secret, it could be revealed.

In the power analysis world, we use this technique on a daily basis when we perform simple or differential EM analysis (SEMA/DEMA). EM analysis emerged as a response to early countermeasures against power analysis (SPA/DPA), and it is still an effective analysis channel today. Although we analyze the near EM field, the principle is the same: any leakage through EM emanations is picked up by a probe and analyzed with specialized software to extract the secret information we are interested in. If you process a secret, it could be revealed.

Using EM emanations to extract information shows that attackers are inventive and will seek out the weakest links in a system. Fortunately, there is an array of countermeasures. Just make sure that if you have a secret, you test whether it is actually revealed.

No Comments

Passport cloning in perspective

Posted by: ceesb

Posted on 06 Oct 08

Recently, a tool [1] has been made available to "clone" electronic passports. Also, recent international press items have contained several confusing and sometimes erroneous statements about the electronic passport. Let me try to explain what it means and takes to clone a passport, for cloning is possible, by specification, for some types of electronic passports!

Cloneable vs. uncloneable passports

The standard (ICAO's MRTD) for electronic passports supports several flavors. The medium security variant is really just a collection of data files containing the holder's personal details and picture. These files are electronically signed by the issuing country. The signatures and data files can be downloaded from the electronic passport and written to a blank chip: there is no protection against cloning the passport data. Because of the electronic signatures, there is protection against modification of the data files contained on the passport, and the authenticity of the data files can be verified.

The high security variant contains a mechanism that prevents cloning. We call these passports "AA-passports" after the name of the additional mechanism, "Active Authentication". Most, but crucially not all, data can be copied from an AA-passport onto a blank chip. A clone of an AA-passport can be detected because of the data that could not be copied from the original: this secret data is in fact a private RSA key, and clones cannot perform a valid Active Authentication without it. Some (or most) countries use the medium security variant, so passports from these countries can be cloned (by specification). Electronic passports issued by The Netherlands are AA-passports and thus the high security variant.

Detection systems

Whereas the functions and requirements of the electronic passport are defined in a standard, the requirements for the detection systems that read these passports are not. Furthermore, the reading systems currently available do not all correctly verify the authenticity and integrity of the passport data. Weak detection systems can be tricked into accepting "cloned" AA-passports and even modified passports. A weakness in the passport [2], in combination with a weak detection system, may cause a high security AA-passport to be degraded to a medium security passport without detection. The weakness in the passport is that not all data on the passport is signed. Specifically, some of the data from which one may derive whether or not the passport is an AA-passport is not signed and may be changed on a copy. Jeroen van Beek, who found the passport weakness, claims that clones he makes with this change in the unsigned data are accepted by all inspection systems that are based on ICAO's "worked examples", which is unwanted, because most developers will follow the worked examples blindly. Still, there is a second way to detect whether the passport is an AA-passport, and that method is based on data that is actually signed. Clearly, a good detection system will use information from the signed passport data when determining whether or not a passport supports AA. The tool that can be downloaded from [1] will automatically create a downgraded clone from an AA-passport.

Elvis in the Netherlands?

On the website where the passport cloning tool can be downloaded, there is a video showing the passport of Elvis being read on a passport reader at Schiphol Airport. It is important to note that the passport weakness discussed above is not the cause of fake Elvis passports being accepted by passport reading systems. The personal data of both medium security and high security passports is signed by the issuing country via a certificate chain. Detection systems are responsible for checking the entire certificate chain down to the root certificate in order to verify the authenticity of a passport. A fake Elvis passport can well be signed, but never by a certified authority. The passport reading system at Schiphol Airport does not verify the certificate chain and therefore does not notice that this passport is a fake. The same holds for the passport reading equipment present in Dutch town halls.
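To make the signed-versus-unsigned distinction concrete, here is an added example, not the tool from [1] and not any real inspection system: a Python model of the two passport variants and of an inspection routine that answers "does this chip support AA?" either from the unsigned file listing (EF.COM in ICAO terms) or from the signed hash list (EF.SOD); DG15 is the data group carrying the AA public key. The ICAO file names are standard terms the post itself does not use. The RSA keys are textbook toys with tiny primes so that the script runs offline, the holder data and challenge are constructed, and the "chain not verified" case is modelled as an inspection system that trusts whatever signer key it is handed.

```python
import hashlib
import random


# --- Toy textbook RSA so the example runs offline. Real document-signer and AA
# --- keys are 1024 bits and up; these sizes mean nothing for security.
def toy_rsa_keygen(p, q, e=65537):
    n, d = p * q, pow(e, -1, (p - 1) * (q - 1))
    return (n, e), (n, d)


def rsa_sign(priv, message: bytes) -> int:
    n, d = priv
    return pow(int.from_bytes(hashlib.sha256(message).digest(), "big") % n, d, n)


def rsa_verify(pub, message: bytes, sig: int) -> bool:
    n, e = pub
    return pow(sig, e, n) == int.from_bytes(hashlib.sha256(message).digest(), "big") % n


def dg_hash(data: bytes) -> bytes:
    return hashlib.sha256(data).digest()


def encode_hashes(hashes: dict) -> bytes:
    """Canonical serialisation of the signed (data group number, hash) list."""
    return b"".join(bytes([dg]) + h for dg, h in sorted(hashes.items()))


def issue_passport(ds_priv, holder: bytes, with_aa: bool, aa_keys=None):
    """Model of an ICAO e-passport: data groups, the unsigned EF.COM listing
    which groups exist, and the signed EF.SOD carrying the data-group hashes."""
    dgs = {1: b"MRZ:" + holder, 2: b"constructed face image bytes"}
    aa_priv = None
    if with_aa:
        aa_pub, aa_priv = aa_keys
        dgs[15] = b"AA-PUBKEY:%d:%d" % aa_pub         # DG15 = AA public key
    hashes = {dg: dg_hash(data) for dg, data in dgs.items()}
    sod = {"hashes": hashes, "signature": rsa_sign(ds_priv, encode_hashes(hashes))}
    return {"com": sorted(dgs), "dgs": dgs, "sod": sod, "aa_priv": aa_priv}


def downgrade_clone(passport):
    """What the cloning tool does: copy everything readable, drop DG15 from the
    unsigned EF.COM (EF.SOD cannot be re-signed), and of course no AA private key."""
    dgs = {dg: data for dg, data in passport["dgs"].items() if dg != 15}
    return {"com": sorted(dgs), "dgs": dgs, "sod": passport["sod"], "aa_priv": None}


def parse_aa_pub(dg15: bytes):
    _, n, e = dg15.split(b":")
    return int(n), int(e)


def inspect(passport, trusted_ds_pub, aa_from_signed_data: bool, rng):
    """Return a verdict string. `aa_from_signed_data` selects whether 'does this
    passport support AA?' is answered from EF.SOD (signed) or EF.COM (unsigned)."""
    sod = passport["sod"]
    # Passive authentication: verify the SOD signature, then the hashes of the
    # data groups that were read (the ones EF.COM says exist).
    if not rsa_verify(trusted_ds_pub, encode_hashes(sod["hashes"]), sod["signature"]):
        return "REJECT: EF.SOD not signed by a trusted document signer"
    for dg in passport["com"]:
        data = passport["dgs"].get(dg)
        if data is None or dg not in sod["hashes"] or dg_hash(data) != sod["hashes"][dg]:
            return f"REJECT: data group {dg} modified or unsigned"
    if aa_from_signed_data:
        aa_expected = 15 in sod["hashes"]
        if aa_expected and 15 not in passport["dgs"]:
            return "REJECT: EF.SOD lists DG15 but the chip does not present it (downgraded clone)"
    else:
        aa_expected = 15 in passport["com"]
    if not aa_expected:
        return "ACCEPT (passive authentication only)"
    # Active authentication: the chip must sign a fresh challenge with the
    # private key that a clone cannot have copied.
    challenge = rng.getrandbits(64).to_bytes(8, "big")
    if passport["aa_priv"] is None:
        return "REJECT: active authentication failed (no private key: clone)"
    response = rsa_sign(passport["aa_priv"], challenge)
    if not rsa_verify(parse_aa_pub(passport["dgs"][15]), challenge, response):
        return "REJECT: active authentication failed"
    return "ACCEPT (passive + active authentication)"


def run_scenarios():
    ds_pub, ds_priv = toy_rsa_keygen(104729, 1299709)        # the country's document signer
    aa_keys = toy_rsa_keygen(1000003, 1000033)               # the chip's AA key pair
    rogue_pub, rogue_priv = toy_rsa_keygen(999983, 1000003)  # a self-made "Elvis" signer
    rng = random.Random(1)
    genuine = issue_passport(ds_priv, b"PRESLEY<<ELVIS", True, aa_keys)
    clone = downgrade_clone(genuine)
    elvis = issue_passport(rogue_priv, b"PRESLEY<<ELVIS", False)
    return {
        "genuine, strict inspection": inspect(genuine, ds_pub, True, rng),
        "downgraded clone, AA flag from EF.COM": inspect(clone, ds_pub, False, rng),
        "downgraded clone, AA flag from EF.SOD": inspect(clone, ds_pub, True, rng),
        "self-signed Elvis, chain verified": inspect(elvis, ds_pub, True, rng),
        "self-signed Elvis, chain not verified": inspect(elvis, rogue_pub, True, rng),
    }


if __name__ == "__main__":
    for case, verdict in run_scenarios().items():
        print(f"{case:40s} -> {verdict}")
```

The two clone rows are the whole argument of the post: the same signed EF.SOD is on both chips, and only the inspection system's choice of which file to consult decides whether the downgrade is noticed. The last row is the Schiphol video: a reader that does not anchor the signature in a trusted certificate chain accepts a perfectly well-formed, perfectly fake passport.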

[1] freeworld.thc.org/thc-epassport/

[2] www.blackhat.com/presentations/bh-usa-08/van_Beek/bh_us_08_van_Beek_ePassports_Reloaded_Slides.pdf

1 Comment

Displaying results 1 to 7 out of 20
